MutFi 0.1.3

MutFi is a firewall used to control access to services, depending on the time of day, the day and the hosts the requests come from.
MutFi is a firewall used to control access to services (e.g. a proxy) depending on the time of day, the day and the hosts the requests come from, as the need may arise in a school or university. A web interface delegates control of activation to authorized users. MutFi stands for mutable firewall and implements the concept of a firewall that mutates in time, depending on the settings that some authorized users may modify to suit their needs.

A firewall is used to control access to a server host's services: the firewall accepts or drops the inbound packets. While doing so, it bases its decisions on the following parameters:

- time of day (and day)
- source of the requesting host (IP address)
- optionally, protocol (TCP, UDP, ICMP) and port number matching a requested service (http, smtp, ...)

It was built bearing in mind the needs of a school or university where access to a server (typically a proxy server) may be allowed or disallowed depending on the time of day and the day of week and the set of hosts the requests come from (various classrooms or departments). This overall scheme has been extended to encompass (or provision for) more versatile uses.

The Netfilter firewall works with chains that IP packets traverse on their way to their destination. Chains consist of a number of rules that apply if a given condition is satisfied. Basically, if the rule's condition is satisfied by the packet, then the rule's target determines the packet's fate: it can either be ACCEPTed or DROPped or even transferred to another chain for further processing.

The rules are set up by the administrator and are meant to apply to a specific IP range (which may boil down to just one host) but some authorized users may determine whether the rule applies or not at given time slots, for the set of hosts they are responsible for.

Technically, MutFi wakes up at given intervals and checks whether it has to change the firewall settings. If so, it flushes the administrator-defined chains and rebuilds them with the data that currently apply.

Time slices are defined to be one hour but a time offset can be set so that changes are triggered at a number of minutes past the hour.

IP ranges (which are more versatile than IP subnets in that they don't have the same constraints of power-of-2 boundaries and extents) define ranges of hosts that requests may come from. An added advantage is that you may restrict rules to actually-allocated addresses, not subnets with unallocated stretches.

The rules are stored in a MySQL database, which also stores the users' data for authentication purposes and access control lists for authorization purposes.
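The following sketch is an added example, not MutFi's own code. It shows the flush-and-rebuild cycle described above, with hourly slots shifted by a minute offset and source ranges that do not fall on subnet boundaries. The rule fields, the chain name MUTFI_PROXY, the 5-minute offset and the sample addresses are all assumptions, and the rules are constructed inline rather than read from MySQL.

```python
import ipaddress
from datetime import datetime, timedelta

OFFSET_MIN = 5  # assumed offset: slots start at HH:05 rather than HH:00

# Constructed sample rules; field names are hypothetical, not MutFi's schema.
# days use Python weekday numbers (0 = Monday); hours are hourly slot indexes.
RULES = [
    {"chain": "MUTFI_PROXY", "first": "10.0.1.20", "last": "10.0.1.45",
     "proto": "tcp", "port": 3128, "target": "ACCEPT",
     "days": {0, 1, 2, 3, 4}, "hours": set(range(8, 12))},
    {"chain": "MUTFI_PROXY", "first": "10.0.2.100", "last": "10.0.3.17",
     "proto": "tcp", "port": 3128, "target": "ACCEPT",
     "days": {2}, "hours": {14, 15}},
]

def current_slot(now, offset_min=OFFSET_MIN):
    """Return (weekday, hour) of the offset hourly slot containing `now`."""
    shifted = now - timedelta(minutes=offset_min)
    return shifted.weekday(), shifted.hour

def src_range(rule):
    """Validate both ends of the range and return iptables' first-last form."""
    first = ipaddress.IPv4Address(rule["first"])
    last = ipaddress.IPv4Address(rule["last"])
    if first > last:
        raise ValueError(f"range start {first} is above range end {last}")
    return f"{first}-{last}"

def cidr_blocks(rule):
    """CIDR blocks needed to cover the same range exactly (for comparison)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(rule["first"]), ipaddress.IPv4Address(rule["last"])))

def build_commands(rules, now):
    """Flush every managed chain, then re-add only the rules active now."""
    day, hour = current_slot(now)
    cmds = [["iptables", "-F", c] for c in sorted({r["chain"] for r in rules})]
    for r in rules:
        if r["target"] not in ("ACCEPT", "DROP"):
            raise ValueError(f"unexpected target {r['target']!r}")
        if day in r["days"] and hour in r["hours"]:
            cmds.append(["iptables", "-A", r["chain"], "-p", r["proto"],
                         "--dport", str(int(r["port"])),
                         "-m", "iprange", "--src-range", src_range(r),
                         "-j", r["target"]])
    return cmds

if __name__ == "__main__":
    for cmd in build_commands(RULES, datetime(2007, 12, 26, 14, 5)):
        print(" ".join(cmd))
```

Applying these commands one at a time leaves the chain empty between the flush and the first append; loading the same rule set through `iptables-restore` replaces the table in a single commit instead.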

What's New in This Release:

update addrule.php (extra bracket had sneaked in)

Last updated on: December 24th, 2007, 14:19 GMT
Developed by: Bernard Bou
License type: GPL (GNU General Public License)